Smart home technologies can expose homes to risk if they’re not properly secured.
Smart home devices and technologies are transforming homes. Connected thermostats, door locks, doorbells, indoor and outdoor cameras, garage door openers, light bulbs, refrigerators, and other devices allow people to monitor, protect, and interact with their homes from virtually anywhere and anytime. There is an unfortunate truth, though, when it comes to technology: Convenience is the enemy of security.
If it makes life easier for you, there’s a good chance it also makes it easier for criminals to compromise. Every feature or service of a device or platform expands the potential attack surface and provides more opportunity for failure or exploit. For example, not having any door on your home at all would not be practical—but it would certainly be more secure. Having a door makes it easier for you to get in and out yourself, and provides an easier way for a criminal to get in as well. A connected door lock that lets you unlock the door remotely is convenient—and seems more secure than just leaving a key under the door mat, but it can also be hacked to let an attacker unlock your door as well.
McAfee Uncovers Security Flaws in Smart Home Devices
McAfee published a couple blog posts this week highlighting issues discovered by researchers in some smart home devices. McAfee found that the McLear Smart Ring, and the Chamberlain MyQ Hub can both be exploited and possibly allow criminals to gain access to your home.
The McLear Smart Ring is a ring you wear on your hand that is capable of interacting with NFC (Near Field Communications) enabled door locks. The ring can automatically unlock connected door locks it is paired with so there is no need to carry a key or even remember a code to open the door. McAfee researchers found that the ring can be easily cloned, though, so a criminal could also enter your home without a key or code.
Separate research found a flaw in the Chamberlain MyQ Hub as well. According to McAfee, the MyQ Hub was surprisingly secure for an IoT device and took more effort on their part to find a way to compromise it—but they eventually did. It is a somewhat convoluted hack and McAfee admits that the likelihood of such an attack in the real world is low, however it shows that even when a vendor is conscious of security risks and takes steps to protect the device, a dedicated attacker can often still find a weakness.
Be Smart about Your Smart Home
I am not saying the sky is falling or telling you not to use IoT (internet of things) devices or smart home technologies. I have a connected doorbell, door lock, indoor and outdoor cameras, thermostats, smoke detectors, light bulbs, smart televisions, and smart speakers throughout my house. I love the convenience and the ability to monitor and manage my house while I’m away. That said, I am aware of the potential security risks, and I understand that it requires some additional due diligence—both as a consumer to choose devices from vendors that take security seriously, and as a homeowner to never fully trust the vendor and make sure I am vigilant about keeping tabs on my devices and my home myself.
In a blog post describing the McAfee findings, Steve Povolny explains, “The issue here is at a higher level; where and when do we draw the line for convenience versus security? The numerous benefits technology enhancements bring are exciting and often highly valuable; but many are unaware of the lengths cyber criminals will go to (for example, we once uncovered a vulnerability in a coffee pot which we were able to leverage to gain access to a home Wi-Fi network) and the many ways new features can reduce the security of a system.”
Povolny recommends that users practice good cyber hygiene. Doing things like changing default passwords on devices, using strong passwords and multi-factor authentication where possible, and keeping IoT devices segregated from the broader home network can help you avoid these sorts of attacks. He also points out that its incumbent on consumers to understand potential security risks and be smart when researching and buying products.